orphan A record removal - glue records

[Matt Larson]

> We have received a mail from our registrar with the following content:
>
> Purpose of this Action (as explained by VeriSign):
> The current zone generation process publishes A (address) records
(also
> called "glue" records) regardless of whether or not the name server is
> referenced by any NS (name server) records. In other words, an A
record
> is published even if no zone delegations reference it. These A records
> are called orphans, and their presence in the COM/NET/ORG zones is
> undesirable for a number of reasons, both administrative and
technical.
>
> Could someone explain me what this means.

The com, net and org zones currently contain A records that are not
referenced by/do not appear in any NS records in the same zones.  For
lack of a better term, we've taken to calling these "orphan" records,
since they don't "belong" to any NS records.  Let me give an example:

foo.com.      in  ns  ns1.foo.com.
foo.com.          ns  ns1.bar.com.
ns1.foo.com.      a   10.1.2.3       ; Not an orphan
ns2.foo.com.      a   10.1.2.4       ; Orphan
ns1.bar.com.      a   10.2.3.4       ; Also not an orphan

If the com zone contained only the records above, ns1.foo.com and
ns1.bar.com would not be considered orphans because they're referenced
in the RDATA of (i.e., appear on the right side of) NS records in the
com zone.  ns2.foo.com would be an orphan.

Orphans are extra records that we've been including in the zones
unnecessarily, mostly as an artifact of the Registry-Registrar Protocol
(RRP) used by registrars to register domains.  RRP has separate
operations to create a "name server" (i.e., create an A record) and
associate name servers with a domain (i.e., create an NS RRset).  It's
possible to do the former without doing the latter, which results in
orphans.

If you have any other questions, please follow up to the mailing list or
feel free to contact me directly.

Matt
--
Matt Larson <mlarson at verisign.com>
VeriSign Global Registry Services